Line Configuration

From Braindisconnect
Revision as of 08:21, 2 March 2015 by Jbutler (talk | contribs) (Created page with "Category:Networking == Cisco == These configurations are best practice for security reasons. ==== Local User and Enable Password ==== <pre> username <username> secret <p...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.


Cisco

These configurations are best practice for security reasons.

Local User and Enable Password

username <username> secret <password>
enable secret <password>

The enable secret is the best practice way of configuring the enable password.

VTY Lines

  • Make sure Secure Shell has been configured.
  • Make sure AAA has been configured.
line vty 0 4
 exec-timeout 30 0
 logging synchronous 
 login authentication vtymethod
 transport input ssh
line vty 5 15
 exec-timeout 30 0
 logging synchronous 
 login authentication vtymethod
 transport input ssh
  • The VTY number is essentially the number of connections that can occur, 0 4 is 5 connections.
  • logging synchronous will keep log messages from interrupting your typing.
  • login authentication vtymethod tells the router to use the vtymethod in the AAA settings for authentication.
  • transport input ssh will set the router to only accept secure shell connections.

Console and Auxiliary Lines

Disabling the AUX Port

Unless you are using the AUX line for an AUX2CON connection, then it is highly recommended that the AUX port be disabled.

line aux 0
 transport input none
 transport output none
 no exec
 exec-timeout 0 1
 no password
Configuring the CON port
line con 0
 exec-timeout 30 0
 login authentication vtymethod